[XviD-devel] Buffer overflow in VFW front-end 1.1.0
Chad Hein
fp2xm1r02 at sneakemail.com
Wed Mar 8 22:41:53 CET 2006
This may have been reported before (doesn't seem to be any obvious way to search archives) but I found a buffer overflow in the VFW front end in xvid-core 1.1.0.
For the IC_GETINFO message, the VFW fills in an ICINFO structure. The last item in the ICINFO structure is
WCHAR szDriver[128]
The VFW front end fills in the full path to the driver. If the full path is greater than 128, a buffer overflow results (verified).
I did not experiment to see if it was exploitable for running arbitrary code, but it is a pretty bad idea in any case.
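Added example, not part of the original post and not XviD's code: a bounded copy into a 128-element wide-character field like the `szDriver` member described above, which reports truncation instead of writing past the end. The struct `icinfo_tail`, its canary field, and the helpers `copy_driver_path` and `demo_fill` are hypothetical, and `wchar_t` stands in for `WCHAR` so the code builds outside Windows.

```c
#include <stdio.h>
#include <wchar.h>

#define DRIVER_CHARS 128 /* matches WCHAR szDriver[128] from the post */

/* Hypothetical stand-in for the end of ICINFO. The canary is added only to
   detect writes past szDriver; it is not part of the real structure. */
struct icinfo_tail {
    wchar_t szDriver[DRIVER_CHARS];
    unsigned long canary;
};

/* Copy src into a field of dst_count wide chars, always NUL-terminated.
   Returns 0 if the whole path fit, -1 if it was truncated or invalid. */
static int copy_driver_path(wchar_t *dst, size_t dst_count, const wchar_t *src)
{
    size_t len, n;
    if (dst == NULL || dst_count == 0)
        return -1;
    len = src ? wcslen(src) : 0;
    n = len < dst_count ? len : dst_count - 1;
    if (n) wmemcpy(dst, src, n);
    dst[n] = L'\0';
    return (src && len < dst_count) ? 0 : -1;
}

/* Constructed input: build a path of path_len chars and copy it in.
   Returns the stored length, or -1 if the canary was overwritten. */
static long demo_fill(size_t path_len, int *truncated)
{
    static wchar_t path[1024];
    struct icinfo_tail info;
    size_t i;
    if (path_len >= 1024) return -1;
    for (i = 0; i < path_len; i++)
        path[i] = (i % 16 == 0) ? L'\\' : L'a';
    path[path_len] = L'\0';
    info.canary = 0xC0FFEEUL;
    *truncated = copy_driver_path(info.szDriver, DRIVER_CHARS, path) != 0;
    return info.canary == 0xC0FFEEUL ? (long)wcslen(info.szDriver) : -1;
}

int main(void)
{
    int t;
    long n = demo_fill(300, &t);
    printf("stored=%ld truncated=%d\n", n, t);
    return 0;
}
```

A caller that gets -1 can decide whether a truncated driver path is acceptable or whether the field should be left empty.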